Medium severity6.5NVD Advisory· Published Jun 20, 2024· Updated Apr 15, 2026

CVE-2023-49112

Description

Kiuwan provides an API endpoint

/saas/rest/v1/info/application

to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even though they have not been granted the necessary rights to do so.

This issue affects Kiuwan SAST: <master.1808.p685.q13371

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2024/Jun/3nvd
r.sec-consult.com/kiuwannvd
www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Lognvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000